Event ID 4015 -- functioning active directory

I have been banging my head against the wall on this one, can't find any information on this that makes sense to me.

We have 2 domain controllers, both Win2k3 with latest SP and security updates. Recently, about a month ago, we started experiencing DNS/Active Directory issues with our Mac clients. We found a workaround, but now our VPN users are having errors that are leading me to believe our domain controllers/Active Directory is corrupt or not functioning properly.

I've gone into the Event Viewer and started noticing event ID 4015 in the DNS Server and in Directory Service event ID 1168.

I'm fairly new to administering Active Directory and Domain Controllers, so any help would be greatly appreciated.

The users can't access their email or the file shares and the problem is intermittent. I've been working with our VPN service provider for the past 2 weeks, and they claim nothing has changed. The VPN service providers state that it could be a DNS issue.

The users can sometimes access the shares by share name, but when they can't, they can access them by IP address.


"A common problem is that routers will arbitrarily fragment UDP packets; when this happens the Kerberos ticket request packets are discarded by the KDC. Windows Vista and Windows Server 2008 now default to using TCP for Kerberos ticket requests"

May want to try that registry change on one or two test machines.
Thanks
Mike

The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

Well setting them up to point to themselves is ok, but I've seen this 4015 before and you will hear it called the "race condition" problem. So DNS and AD are both trying to start and they depend on each other and then they fail.
Try pointing to each other for primary and to themselves as secondary and then during your next maintenance cycle reboot one of the boxes and see if you get the 4015 errors still.
Then reboot the other and observe the results.
We have had luck with that configuration on our DCs that had this issue.
Thanks
Mike
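
One way to check the DNS client ordering suggested in the reply above (partner DC first, the DC itself second), as an added example that is not part of the original thread: it parses `ipconfig /all` text collected from each DC and flags any DC that lists itself as primary. The host names, addresses and sample output are constructed, and only IPv4 is handled.

```python
import re
IPV4 = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")

# Constructed `ipconfig /all` excerpts for two DCs; names and addresses are made up.
SAMPLE = {
    "DC1": """
   IP Address. . . . . . . . . . . . : 10.0.0.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 10.0.0.10
                                       10.0.0.11
""",
    "DC2": """
   IP Address. . . . . . . . . . . . : 10.0.0.11
   DNS Servers . . . . . . . . . . . : 10.0.0.10
                                       10.0.0.11
""",
}

def parse_ipconfig(text):
    """Return (own_ips, dns_servers) in listed order; IPv4 only."""
    own, dns, in_dns = [], [], False
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep:  # labelled line, e.g. "DNS Servers . . . : 10.0.0.10"
            name = label.replace(".", "").strip().lower()
            in_dns = name == "dns servers"
            target = dns if in_dns else own if name in ("ip address", "ipv4 address") else None
        else:    # unlabelled line: further DNS servers are listed one per line
            value, target = line, dns if in_dns else None
        m = IPV4.search(value)
        if m and target is not None:
            target.append(m.group(1))
    return own, dns

def audit(hosts):
    """Map each DC name to findings against partner-first, self-second ordering."""
    parsed = {n: parse_ipconfig(t) for n, t in hosts.items()}
    dc_ips = {ip for own, _ in parsed.values() for ip in own}
    report = {}
    for name, (own, dns) in parsed.items():
        is_self = lambda ip: ip in own or ip.startswith("127.")
        found = []
        if not dns or is_self(dns[0]):
            found.append("primary DNS is missing or is this DC itself; list the partner DC first")
        elif dns[0] not in dc_ips:
            found.append(f"primary DNS {dns[0]} is not one of the audited DCs")
        if dns and not is_self(dns[0]) and not any(map(is_self, dns[1:])):
            found.append("this DC is not listed as its own secondary DNS")
        report[name] = found
    return report
```

Calling `audit(SAMPLE)` flags DC1, which points at itself first, and reports nothing for DC2.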
